Patch Tuesday September 2022

Jordan Hammond fun headshot
Jordan Hammond|September 13, 2022
September 2022 Patch Tuesday featured image.
September 2022 Patch Tuesday featured image.

If you've come looking for better news than we had in August, we’ve got some bad news for you. While the overall patch count is much lower, with a total of 63 exploits patched and only five of them critical, we have two publicly known vulnerabilities and one already exploited. A common theme among the critical exploits seems to be IPsec. So if you're not using IPsec, enjoy your slightly less terrible month! Let’s dive into the highlights.

Some highlights (or lowlights)

  • CVE-2022-34718: This 9.8 rated critical patch is a TCP/IP Remote Code Execution(RCE) exploit. It has low complexity and does not require any privileges or user interaction to exploit. The only thing I can see keeping this from being a full 10.0 zero-day is that it only works if IPsec is available. If you are using IPsec and think it can’t be any worse, check out the next one we're highlighting.

  • CVE-2022-34721: This is a 9.8 RCE using the Internet Key Exchange (IKE). It has all the same threats as the previous entry. Low complexity, no need for user interaction, and no credentials needed. I highlighted this one second because, on top of requiring IPsec, it also requires IKE v1 on workstations. If you are running IKE v2, you are already protected from this threat. However, servers are vulnerable to both v1 and v2.

  • CVE-2022-37969: This 7.8 Elevation of Privilege exploit impacts the Windows Common Log File System Driver. This one is already known and exploited in the wild. It does require the attacker to be local, as well as already having some privileges to exploit. If the attacker does have the ability to run code on the machine, they can use this to run as a system. The steps required to run this are greater, but it's for sure something to get patched ASAP.

Wrapping up

We have another Patch Tuesday in the books, and while the nightmare fuel is half of last month, it's still enough to cause some angst, especially if you are using IPsec. If you are one of the lucky ones using IPsec, you have my permission to PANIC!!!! PANIC NOW!!!! Or trust your automated patch management with PDQ Deploy and PDQ Inventory to get your systems patched and secure ASAP.

Jordan Hammond fun headshot
Jordan Hammond

Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet while drinking most Thursdays on the PDQ webcast.

Related articles